Merge branch 'next' into temp-c163-development

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>

config/rootfiles/common/suricata

@@ -37,6 +37,7 @@ usr/share/suricata
 #usr/share/suricata/rules/smtp-events.rules
 #usr/share/suricata/rules/stream-events.rules
 #usr/share/suricata/rules/tls-events.rules
+var/ipfire/suricata/suricata-default-rules.yaml
 var/lib/suricata
 var/lib/suricata/classification.config
 var/lib/suricata/reference.config

config/suricata/suricata-default-rules.yaml

@@ -0,0 +1,20 @@
+%YAML 1.1
+---
+
+# Default rules which helps
+ - /usr/share/suricata/rules/app-layer-events.rules
+ - /usr/share/suricata/rules/decoder-events.rules
+ - /usr/share/suricata/rules/dhcp-events.rules
+ - /usr/share/suricata/rules/dnp3-events.rules
+ - /usr/share/suricata/rules/dns-events.rules
+ - /usr/share/suricata/rules/files.rules
+ - /usr/share/suricata/rules/http-events.rules
+ - /usr/share/suricata/rules/ipsec-events.rules
+ - /usr/share/suricata/rules/kerberos-events.rules
+ - /usr/share/suricata/rules/modbus-events.rules
+ - /usr/share/suricata/rules/nfs-events.rules
+ - /usr/share/suricata/rules/ntp-events.rules
+ - /usr/share/suricata/rules/smb-events.rules
+ - /usr/share/suricata/rules/smtp-events.rules
+ - /usr/share/suricata/rules/stream-events.rules
+ - /usr/share/suricata/rules/tls-events.rules

config/suricata/suricata.yaml

@@ -46,28 +46,11 @@ vars:
 ##
 default-rule-path: /var/lib/suricata
 rule-files:
-    # Default rules
-    - /usr/share/suricata/rules/app-layer-events.rules
-    - /usr/share/suricata/rules/decoder-events.rules
-    - /usr/share/suricata/rules/dhcp-events.rules
-    - /usr/share/suricata/rules/dnp3-events.rules
-    - /usr/share/suricata/rules/dns-events.rules
-    - /usr/share/suricata/rules/files.rules
-    - /usr/share/suricata/rules/http2-events.rules
-    - /usr/share/suricata/rules/http-events.rules
-    - /usr/share/suricata/rules/ipsec-events.rules
-    - /usr/share/suricata/rules/kerberos-events.rules
-    - /usr/share/suricata/rules/modbus-events.rules
-    - /usr/share/suricata/rules/mqtt-events.rules
-    - /usr/share/suricata/rules/nfs-events.rules
-    - /usr/share/suricata/rules/ntp-events.rules
-    - /usr/share/suricata/rules/smb-events.rules
-    - /usr/share/suricata/rules/smtp-events.rules
-    - /usr/share/suricata/rules/stream-events.rules
-    - /usr/share/suricata/rules/tls-events.rules
-
     # Include enabled ruleset files from external file
-    - !include: /var/ipfire/suricata/suricata-used-rulefiles.yaml
+    include: /var/ipfire/suricata/suricata-used-rulefiles.yaml
+
+    # Include default rules.
+    include: /var/ipfire/suricata/suricata-default-rules.yaml
 
 classification-file: /var/lib/suricata/classification.config
 reference-config-file: /var/lib/suricata/reference.config

lfs/keepalived

@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.1.5
+VER        = 2.2.4
 
 THISAPP    = keepalived-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,9 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = keepalived
-PAK_VER    = 9
-
-SUP_ARCH   = none
+PAK_VER    = 10
 
 DEPS       =
 
@@ -46,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 27e1cfff5b8dd95062ad415957e663e5
+$(DL_FILE)_MD5 = 7097ba70a7c6c46c9e478d16af390a19
 
 install : $(TARGET)
 

lfs/pcengines-apu-firmware

@@ -70,7 +70,7 @@ download :$(patsubst %,$(DIR_DL)/%,$(objects))
 
 md5 : $(subst %,%_MD5,$(objects))
 
-dist: 
+dist:
 	@$(PAK)
 
 ###############################################################################

lfs/suricata

@@ -71,6 +71,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata-disable-sid-2210059.patch
 	cd $(DIR_APP) && LDFLAGS="$(LDFLAGS)" ./configure \
 		--prefix=/usr \
 		--sysconfdir=/etc \
@@ -96,6 +97,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	# Install IPFire related config file.
 	install -m 0644 $(DIR_SRC)/config/suricata/suricata.yaml /etc/suricata
 
+	# Install yaml file for loading default rules.
+	install -m 0664 $(DIR_SRC)/config/suricata/suricata-default-rules.yaml /var/ipfire/suricata
+
 	# Create emtpy rules directory.
 	-mkdir -p /var/lib/suricata
 

src/installer/dracut-module/module-setup.sh

@@ -26,7 +26,7 @@ install() {
     instmods efivarfs
 
     # Network drivers
-    instmods =drivers/net/ethernet =drivers/net/usb
+    instmods =drivers/net/ethernet =drivers/net/phy =drivers/net/usb
     instmods virtio_net hv_netvsc vmxnet3
 
     # Filesystem support

src/patches/suricata-disable-sid-2210059.patch

@@ -0,0 +1,12 @@
+diff -Nur a/rules/stream-events.rules b/rules/stream-events.rules
+--- a/rules/stream-events.rules	2021-11-17 16:55:12.000000000 +0100
++++ b/rules/stream-events.rules	2021-12-08 18:12:39.850189502 +0100
+@@ -89,7 +89,7 @@
+ # rule to alert if a stream has excessive retransmissions
+ alert tcp any any -> any any (msg:"SURICATA STREAM excessive retransmissions"; flowbits:isnotset,tcp.retransmission.alerted; flowint:tcp.retransmission.count,>=,10; flowbits:set,tcp.retransmission.alerted; classtype:protocol-command-decode; sid:2210054; rev:1;)
+ # Packet on wrong thread. Fires at most once per flow.
+-alert tcp any any -> any any (msg:"SURICATA STREAM pkt seen on wrong thread"; stream-event:wrong_thread; sid:2210059; rev:1;)
++#alert tcp any any -> any any (msg:"SURICATA STREAM pkt seen on wrong thread"; stream-event:wrong_thread; sid:2210059; rev:1;)
+ 
+ # Packet with FIN+SYN set
+ alert tcp any any -> any any (msg:"SURICATA STREAM FIN SYN reuse"; stream-event:fin_syn; classtype:protocol-command-decode; sid:2210060; rev:1;)